Retailers beware: Mobile app data-sharing is under the microscope

By Bill SiwickiEditor, Mobile

A subpoena to Pandora underscores the growing debate over online privacy.

Pandora Media Inc., which operates the popular Pandora music streaming service online and through a mobile app, revealed in a recent Securities and Exchange Commission filing that it received a subpoena from a federal grand jury concerning the subject of privacy and information sharing in mobile apps that run on the Apple Inc. iOS and Google Inc. Android mobile operating systems. It added that it believes numerous other subpoenas were issued to other companies that operate smartphone apps.

Behind the subpoena may well be the increased scrutiny in Washington of online behavioral targeting, in which operators of web—and mobile—sites share data about consumers’ interests that ad networks use to present more relevant ads to consumers. Pandora made reference to the question of data-sharing in its SEC filing.

“New laws, amendments to or re-interpretations of existing laws, rules of self-regulatory bodies, industry standards and contractual obligations, as well as changes in our listeners’ expectations and demands regarding privacy and data security, may limit our ability to collect, use, and disclose, and to leverage and derive economic value from, listener data,” the SEC filing says. “We may also be required to expend significant resources to adapt to these changes and to develop new ways to deliver relevant advertising or otherwise provide value to our advertisers.”

Related Articles

Pandora would not answer questions on the matter but did provide Internet Retailer with a statement. In it, the merchant clearly spells out its stance on advertising and information-sharing within mobile apps.

“Recently, certain third party advertising software development kits (SDKs) from Medialets, AdMeld and Google have been the subject of scrutiny and speculation in the media. While we have no reason to believe that any of these mobile advertising companies acted outside the scope of our privacy policy, we have decided to remove the advertising SDKs entirely to ensure that our listeners have complete confidence in our commitment to their privacy,” the statement says.

The merchant says the revised versions of the Pandora mobile app will be available soon in the Apple App Store and Android Market.

Web site and mobile site and app publishers make money by selling space on their sites or in their apps to advertisers, or to ad networks that resell space to advertisers, including retailers. Many ad networks today use what is called behavioral ad targeting. This tactic displays ads to an Internet user based on the sites they visit, which tracked via cookies placed on a user’s web browser. If a merchant is part of an ad network, it might also collect non-personally identifiable information from mobile app users and report that data to the network. Or it might use that data for in-house marketing purposes.

So, through behavioral ad targeting, a consumer who visits Entertainment Weekly’s site, the New York Times movie review section and RogerEbert.com may see on the screen of another site they visit within an ad network an ad for a new movie.

Smart retailers include specific language on this method of data collection in their privacy statements, and include methods for customers to opt out so that no advertising cookie is placed on their web browsers and no data is collected as they use an app. Some consumer advocates are calling for stronger privacy protection. Bills introduced in Congress this year single out behavioral ad targeting with “Do not track” mechanisms and systems requiring customers to opt in rather than opt out of such data tracking.

In the meantime, retailers that buy into the behavioral targeting services of ad networks or collect data for their own marketing use must comply with existing federal and state privacy laws. And smart retailers will go the extra mile, experts say.

“You should fully disclose in plain language what data your are collecting, with what frequency you are collecting the data, to whom you are sending it, and what they will use it for,” says Phil Blank, senior security risk and fraud analyst at Javelin Strategy & Research. “If you want to be the knight in shining armor, you would have all data collection turned off on installation. And then through user education about the benefits and the trade-offs, the user can opt in if they choose.”

The retailer can explain if a user allows collection of location data, she will get generous offers at nearby stores, Blank says. And if she provides hersex and age, she will receive offers interesting to her gender and generation.

“By empowering your customer, by deputizing your customer, you give them control and generate loyalty to you as a trusted merchant, a merchant that will take care of the customer and protect her data,” Blank says.

Some federal lawmakers, responding to increased media coverage about behavioral ad targeting, are demanding thatconsumers be given more control over how and whether they are tracked on the Internet, including the mobile web.

“The reason it is getting heavy regulatory scrutiny is that the government wants to establish marketing guidelines for the mobile platform now, they don’t want bad practices to get entrenched early in the game,” says Richard B. Newman, Internet and mobile marketing attorney at Hinch Newman LLP. “They want to set standards before it gets out of hand.”